VAULT-34525: Documentation for single item recovery from IS snapshot #30739
website/content/docs/concepts/integrated-storage/snapshot-recover.mdx
Vault returns you a snapshot ID. Then you can use that snapshot ID to read, list, | ||
and recover individual paths from the snapshot. | ||
|
||
## Supported Paths |
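Review bot: The first two lines of this hunk split one idea across two sentences, and "Vault returns you a snapshot ID" reads awkwardly. Suggest merging them: "Vault returns a snapshot ID that you can use to read, list, and recover individual paths from the snapshot."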
## Supported Paths | |
## Supported plugins |
I'd argue the table is more about plugins than paths. Unless we're trying to say that I can't use item recovery with `kv` unless I've mounted it under a specific path and structured my data in a specific way?
KV and cubbyhole only really have one path. In the future, other plugins will start supporting recover operations but only on certain paths, e.g. ssh/roles/{name} will be supported but not ssh/creds/{name}. I'm not sure of the best way to explain that.
Maybe the table can be kept the same, but these two plugins will have "all paths" as their path value.
|
||
## Supported Paths | ||
|
||
Not all paths support snapshot operations. The following paths are currently supported: |
Not all paths support snapshot operations. The following paths are currently supported: | |
Not all plugins support snapshot operations. The table below outlines the | |
functionality available for the currently supported plugins. |
|
||
| Plugin | Path | Snapshot operations supported | Vault version | | ||
|-----------|-----------------|-------------------------------|---------------| | ||
| cubbyhole | `/:secret_name` | `recover`, `read`, `list` | 1.20.0 | |
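Review bot: The `Vault version` header in this table does not say whether 1.20.0 is the first release that supports the listed operations or the only one. If it is a lower bound, rename the column to "Minimum Vault version". The `Path` cell `/:secret_name` also leaves open what the leading slash is relative to, so a short sentence above the table explaining the path notation would help.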
I don't understand the path syntax here. If I have a `kv` plugin mounted at `dev/keys` and want to recover `dev/keys/sandbox/postman`, can I do that?
Or do we require that my `kv` plugin be mounted at `kv` and the `postman` secret live at `kv/postman`?
A path at `dev/keys/sandbox/postman` is fine.
## Loading snapshots | ||
|
||
Load a snapshot using the [`vault operator raft snapshot load`](/vault/docs/commands/operator/raft#snapshot-load) command. There are two ways to call this command: | ||
1. Using a snapshot file: |
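Review bot: The sentence that introduces `vault operator raft snapshot load` does not state what access the caller needs. Because a loaded snapshot can afterwards be read, listed, and recovered from by its snapshot ID, say next to the command link which policy capabilities are required to load a snapshot and to use the resulting ID.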
Why are we documenting how-to instructions in a concept document?
I thought of it as an explanation of how the feature can be used, end to end. But I can remove the command examples here.
Hi! I'm working on a "Manage snapshots" document that includes manual and automatic integrated storage snapshot saves, restores, and this new secret recovery feature as a part of this Education task: VAULT-35538.
- Manage Snapshots document in my GH branch
- It is a combination of content from these two (now archived) SOP tutorials + the new item recovery feature:
- Design doc for Manage Snapshots
I am including some basic CLI and API example commands in the doc I'm working on, and deferring to this documentation for further details wrt this item recovery feature.
Maybe this will be of use to folks who need some examples? I'm also looking for ideas on where this content should reside in the navigation. Right now, I've placed it in concepts just so I can run the developer preview without error. I'm open to ideas on this content and its place in navigation. I'm trying to get this wrapped up soon for the 1.20 release.
Just wanted to comment here to raise awareness and I want to make sure I don't step on anyone's toes as well.
I appreciate any thoughts you can share, and feel free to ping me in Slack about this.
Thanks!
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
LGTM
…30739) * start * docs * everything except the concept doc * actual progress * thank you copilot for finding passive voice * formatting * add changelog * fix formatting of changelog * update changelog * Update website/content/api-docs/secret/cubbyhole.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/cubbyhole.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/cubbyhole.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/cubbyhole.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/kv/kv-v1.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/cubbyhole.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/docs/concepts/integrated-storage/snapshot-recover.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/cubbyhole.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/kv/kv-v1.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/secret/kv/kv-v1.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * more fixes * remove example usage --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Description
This PR adds documentation for the enterprise feature enabling users to recover individual items from a raft snapshot.
TODO only if you're a HashiCorp employee
backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.